Friday, November 28, 2014

Google patches 42 flaws for Chrome

Google rolls out Chrome 39.0.2171.65 that fixes 42 security flaws in the web browser. Google Chrome now supports Apple Mac OS X running on 64-bit. Google has rewarded $41,500 to cyber security researchers for 12 security flaws reported. Researcher identified as "biloulehibou" got the highest reward of $7,500 for finding out an issue related to Adobe Flash player used in Chrome. Adobe advisory covered this issue under "double-free" vulnerability that allows intruders to execute arbitrary code. Chen Zhang of the NSFocus Security Team rewarded $5,500 for finding two bugs in the Blink rendering engine and Pepper plug-in interface used by Chrome. These issues are related to use-after-free vulnerabilities that allow remote code execution or possibly crash the vulnerable application. Latest version of Google Chrome disable fallback support for SSL 3.0 due to POODLE vulnerability. <more>